Cisco Firewall :: 5510 No Machine Can Ping Out To Internet Gateway
Jul 25, 2012
Switching out a 5510 as our primary firewall with a 5520. I've essentially copied the working config from the 5510, and put it on to the 5520, making small changes where necessary. Plug everything. I cannot get out to the internet.
Facts:
-All interfaces have no shut on them
-No machine can ping out to the internet gateway
-All machines can ping out to the inside interface of the firewall
-It's not a problem with the internet because I can take a laptop, enter in our outside interface information, plug it into the internet gateway, and I can get out to the internet just fine.
Mar 31, 2011
We have two ASA5510s, each with outside interfaces to the same two ISPs (different IP addresses within the same subnet, of course). Both ASAs allow ICMP on all (inside and outside) interfaces. One ASA's default route is to ISP-1 and the other is to ISP-2. We can ping the default gateways for both ISPs from only one ASA. From the other ASA, we can only ping the default gateway for the default route but not the other. The pings originate from an inside client, first configured with the default gateway for ASA-1, then for ASA-2. Why does this happen, how do I troubleshoot something like this and how do I fix it?
Jan 11, 2012
I have recently made some changes to my ASA 5510 (not sure what). I was previously able to ping url... and I am now not able to ping anything on the Internet, but the Internet connectivity works perfectly.
May 7, 2012
I am using Linksys E4200 wireless router. I connected two machines, this way.
|LAP1|--------(LAN ethernet connection)----------|LinksysE4200|-------(Internet wired connection)--------|LAP2|
On the Linksys E4200, on the Internet wired connection side, I gave a static IP address which is in the same network range as that of LAP2. When I tried to ping from LAP1 to LAP2, the ping does not happen. Are there any settings by which I can ping from LAP1 to LAP2?
Jun 13, 2011
I have a firewall policy on a Cisco 2911 - the zone policy from OutZone>InZone basically drops everything apart from inspected traffic on the opposite direction and a few essential traffic generated externally (such as Outlook web access and E-mail exchanging). However, I seem to be getting a lot of firewall drops coming from the immediate gateway of the ADSL WAN address to the internal IP range on port 3. I get about 10 hits every 5 seconds.
Policy:
policy-map type inspect FWPol_Out-In
class type inspect CCP_PPTP
pass
class type inspect FCMAP_In-Email
pass
class type inspect FCMAP_In-OutlookWebAccess
inspect(code)
%FW-6-LOG_SUMMARY: 1 packet were dropped from IMMEDIATE WAN GATEWAY:0 => INTERNAL IP ADDRESS:3 (target:class)-(FWPair_Out-In:class-default), the immediate gateway would ping an internal IP address? Keepalive? Could this be stemming from another problem? The traffic wasn't generated internally as all InZone>OutZone is inspected.
Jan 22, 2012
I have a newly deployed network. I have two ASA5520-AIP20-k9, both connected to the ISP and configured as Active/standby failover. The ASAs were working fine at first but later on, the internet connection becomes very slow. The ping reply I am getting from my next hop (ISP router) varies: during the peak hour it is sometimes 2000 msec or above, but during off hours the ping reply time is 1 and 2 msec. When I directly connect my laptop to the link that comes from the ISP, its ping reply is 1 msec and 2 msec. I thought the ping reply of the ASA5520 to the ISP gateway should be constant and should be 1 and 2 msec regardless of the traffic passing through the firewall.
Feb 21, 2011
A while ago internet access was slowed right down for an hour or so. I have a phone line that comes into the house and then into a gateway (10.0.0.2), then ethernet from that to a Linksys wifi router (192.168.1.1). So I did the following ping and repeated what you see below a few times to see that these results were broadly consistent, which was the case. One other person is connected to the Linksys via ethernet cord and they might have been on at the time. Questions are: are these results consistent with contention caused by the other user on the Linksys? And why can I ping the gateway but not the router? That makes no sense to me! I am not annoyed with the other person if he is hogging the network... I like him. I just wonder what's going on. When the internet works, results from pinging are all as one would expect.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\NASA>ping 192.168.1.1
[Code].....
Jul 26, 2012
We have a VPN setup between two Cisco RV082 routers, the VPN status shows as connected however I can't ping the other network. I am unable to ping between routers, let alone ping computers behind those routers.
We have 2 branches, branch 1 is on a static IP and branch 2 is Dynamic. I am able to connect via QuickVPN from Branch 2 to Branch 1 and remote desktop to computers, however have yet to VPN/remote desktop in the opposite direction.
To me it seems like a firewall issue at branch 2, but what's causing this? Also, they are currently running 2 different firmware versions; not sure if this would cause a problem.
Jan 4, 2011
I am using the default configuration at this point. I just connected 1 computer using the default IP with DHCP on the RV042 router, 192.168.1.0/255.255.255.0. I connect my WildBlue satellite modem using a static IP address 75.106.203.xxx / 255.255.252.0. I can ping the RV042 router and the static IP address of the WildBlue router but I can't ping the gateway on the WildBlue side, either from the PC or the router diag tools.
Jun 23, 2011
I have an ASA-5510 in a location that loses connectivity to the wan gateway after anywhere from five to fifteen minutes. At first I thought that the unit might be defective, but I replaced it with an ASA-5505 with similar results. A reload of the ASA-5510 will restore connectivity for the next quarter hour.
Here's the version information on the 5510:
Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 6.2(1)
Compiled on Tue 05-May-09 22:45 by builders
[Code].....
Nov 1, 2012
We have a 3560 switch behind an ASA 5510 at a site that we are trying to access via telnet over the internet. We find out the switch does not have a default gateway configured. So I configure the following rule on the 5510: [code] Try accessing the switch, and all is good. One of our change control steps is to identify any others that are connected to the device via: [code] I see the connection and the show users command returns 172.16.30.15, as expected. How is it possible that address can connect to that switch?
Dec 12, 2011
I set this up and I can ping all the gateways but never the hosts. I was hoping I could make these links between 6500's a mix of L2 and L3. Check it out. They are connected in a linear fashion R1--->R2--->R3. I can ping from R1 to R3's SVI4 gateway but I can never ping a host on that SVI4. I was hoping that I could use the port-channels between 6500's as routed links or as trunk links depending on the type of traffic....thought it would ease the migration. I suppose I could always get rid of the port-channels and just make separate L2 and L3 links between the 6500's.
Mar 4, 2011
I currently have an ASA 5510 unit. I have a DMZ set up which houses some web servers, and an inside interface. The web servers contain multiple public IP addresses which I have NATted and access is fine. What is the most simple way to enable ping for my DMZ from the outside? Meaning if someone outside the network pings one of the servers by its public IP address I would like it to respond to ping.
Apr 9, 2012
I have a management network 192.168.5.x and VPN network 192.168.25.x. I can ping all my network elements except the firewall (ASA5510). The ASA has the IP 192.168.5.1. I think that the firewall has some restriction but I don't know. I have 8.2 software and AnyConnect 3.0 and they work fine. If I am in the management network (192.168.5.7), I can ping the firewall. The restriction is with the VPN network.
Dec 9, 2012
Background: I have a couple of ASA 5510's I'm going to put in our lab environment. I have restored them to default config and set up the m0/0 interface with an ip/mask and started the http server. My lab environment is on the 10.45 subnet and my .com corporate environment is on the 10.40 subnet. I've also setup DNS and, from the ASA, can ping anything in the 10.45 subnet.
The problem, is that from the ASA, I can not ping the internet or my 10.40 subnet. And vice versa, I cannot ping the ASA from my 10.40 subnet. When I bring up a regular server, there is no special configuration I need to do as those subnets talk to each other and nothing is restricted.
Is there something special I need to do to get it to work? I tried adding an access list to allow icmp, but that didn't seem to work. Oh, and I'm getting to the ASA by RDPing into a lab server (on 10.45) then putty to the ASA.
Apr 13, 2013
I ran into a very strange icmp ping issue. The network has been working fine other than the issue listed below, L2L VPN works fine and all three data centers can access each other via L2L VPN. I have three ASA5510. [code]
Jan 9, 2012
The VPN will connect. I can ping and connect to the ASA 5510 on its LAN interface. My problem is that I cannot ping or access anything on the LAN past the firewall. What am I doing wrong?
Here is my config. Result of the command: "show config"
Saved
: Written by enable_15 at 22:55:02.299 UTC Tue Jan 10 2012
!
ASA Version 8.2(5)
!
hostname ********
[code]....
Apr 4, 2012
The ASA is configured in very simple transparent mode. As desired, traffic can flow in each direction between inside and outside. I can manage the ASA via console and direct connection to the management interface. The problem is that I cannot ping or ssh to the ASA via the inside interface. I need to be able to manage the ASA from any PC on the inside LAN. I suspect I am missing some easy aspect of the configuration but after a lot of hours I'm about at the end of my patience with it. Here is what I believe to be the relevant parts of the config.
ASA Version 8.2(1)
!
firewall transparent
hostname issr1
enable password 2alej83t5cqT0FWd encrypted
passwd 4kleUY438I93.4ljdh encrypted
names
[code]....
Apr 4, 2011
I have a public IP (static). I have a Gateway machine which is connected through a modem. When I want to add that public IP to the Gateway Device through [URL] site.
Jun 26, 2012
I was trying to add an Access Rule then a NAT rule; they applied ok, then I lost connection to my ASA 5510. I can't ping the device IP, I can't connect via console, I can only access via the Management port. I have pasted the running config. [code]
Nov 27, 2012
One of my clients has a BSNL leased line with a LAN IP pool. We configured those on the ASA 5510 and the Internet is working fine, but from the cloud we are not getting any response to ping requests. Please find the running configuration below:
ciscoasa(config)# sh run
: Saved
:
ASA Version 8.2(1)
[Code]....
Mar 3, 2013
I recently added a business cable modem to relieve some of the congestion I was getting on my T1 for our MPLS network. There was an ASA 5510 collecting dust in a closet here and I thought it would be the perfect device for firewalling the traffic coming in from the cable modem, and handling the routing of our internal MPLS traffic as well. Internet setup was cake. The test laptop I have using the ASA as its gateway has great internet service but it cannot ping across either of our MPLS networks. I have one MPLS with AT&T and one MPLS with EarthLink. My hope was to use the cable modem as the default route for all unspecified internet traffic and route our internal MPLS traffic to the Cisco 2800 routers that are currently in place for the MPLS. I can ping across the MPLS when I telnet to the ASA, but I cannot ping across the MPLS from the client that is connected to the ASA.
Here's the topology I'm working with
Internet
|
Cable Modem
|
ASA 5510 10.52.120.23
[Code].....
Feb 28, 2011
This is what I have as a setup:
BT Home Hub wifi router
PC with Windows 7 Home premium connected via ethernet
Macbook Pro with OSX10.6 connected via wifi
It feels like I've tried everything to get this working. As far as I can see the settings are all ok but I've noticed that I can't ping the PC from the mac although I can ping with success the other way around. Tried traceroute from the macbook and it gives me this so it is able to see it somehow...
Code:
traceroute to 192.168.1.66 (192.168.1.66), 64 hops max, 52 byte packets
 1 alistair-pc.home (192.168.1.66) 1.724 ms * 1.151 ms
Not sure where to go from here. I think discovering that ping is failing is a good start to diagnose.
Apr 7, 2011
I have a GRE tunnel across my head office and remote site with multiple subnets using Cisco 1841 routers. I can ping most of the devices on the remote side, but I cannot ping certain devices. These devices respond to ping requests on the local LAN, but not through the WAN link. If I change the IP of a device then it starts responding. I am using the same gateway and mask on these devices. The remote site is running classic STP on switches with the distribution switch being the root bridge.
Jan 9, 2013
Internet ISP -> Juniper SRX 210 Ge-0/0/0
Juniper fe0/0/2 -> Cisco ASA 5505
Cisco ASA 5505 -> Internal LAN switch.
1. Internet is connected to Juniper Ge0/0/0 via /30 IP.
2. Juniper fe0/0/2 port is configured as inet port and configured the Internal public LAN pool provided by the ISP. And this port is directly connected to Cisco ASA 5505 E0/0. It's a /28 pool IP address. This interface is configured as outside and security level set to 0.
From Juniper SRX, am able to ping public Internet IPs (8.8.8.8).
Issue:
1. From ASA am unable to ping public ip configured on Juniper G0/0/0 port.(/30)
2. From ASA no other Public internet IP is pinging.
Troubleshooting Done so far.
1. Configured icmp inspection on ASA.
2. Used the packet tracer in ASA, it shows the packet is flowing outside without a drop.
3. Allowed all services in untrust zone in bound traffic in Juniper SRX.
4. Viewed the logs when I was trying the ping 8.8.8.8 in ASA. It says "Tear down ICMP connection for faddrr **** gaddr **
Jun 29, 2011
I was just wondering if it is possible that I could make a server with URL filtering, firewall, and a login system. So, when users want to use the internet they are required to log in before they do. Is there a program out there?
Feb 26, 2013
I have some problem with the ASA 5510 ver 7.0(6). My manager wants to keep this as backup. Tried lots of things but still users are not able to access the internet nor can I ping anywhere. For example when I ping 4.2.2.2 I don't get any reply. The running config is below for your ref:
HQ-ASA-01# show running-config
: Saved
:
[Code]......
Feb 13, 2013
I'm having a problem successfully pinging the default gateway on Router1 from Router2. Basically I can:
- ping from R1 the serial interface on R2 and default gateway on R2
- telnet from R1 to R2
- ping from R2 to serial link on R1
BUT I CANNOT ping default gateway from R2 to R1. Below is the photo showing topology and running configuration on both routers.
May 13, 2013
One of our ASA5505s cannot ping the gateway today. But when I use a notepad, using the same IPs, it can ping the gateway!!!
It is so strange, the ASA5505 was working ok before until today.
Is there anything I can do to check whether the ASA is ok?
Sep 10, 2012
I have a VM server, whose IP is in customer VLAN600 (172.60.60.10/24), and the peer end is a switch then Firewall. The switch is configured with the same VLAN600 and is learning the mac-address of the Server on VLAN 600. The Firewall also has VLAN600 and its IP is 172.60.60.1/24. The Server is not able to ping/reach the Firewall and vice versa.
Aug 29, 2012
Have been given a Dell computer for my daughter; it is only just over a year old and I can't get it to connect to the internet. It keeps saying that the router is not working, when I know it is ok because my other computers work on the internet ok. When I was looking to see if I could find the problem I managed to access something which let me check the computer connection and it came up that the Gateway IP Ping failed so I would not be able to connect to the internet.
Jun 17, 2012
I am trying to configure Nat on a clean ASA 5505, but can't get it to work. I ran the commands below. On the ASA I can ping the internet and inside vlan ip. On my laptop I can ping the ASA inside vlan ip, but I can't ping the outside vlan ip. From another network I can ping the ASA outside public ip. Is there an access-list that denies inside from accessing outside?
I am running version 8.4(3) and I erased the existing configuration.
ASA(config)# interface vlan 1
ASA(config-if)# ip address 10.0.0.1 255.255.255.0
ASA(config-if)# nameif inside
[Code].....
Oct 24, 2012
I've spent the last two days working on this problem and it is killing me! I know the answer has to be something simple, but despite hours of searching and trying different things, I just can't seem to fix it. Essentially, I am going to be installing a Cisco 2691 and use it as the default gateway for a small business. It will be directly connected to a cable modem with a static IP. The other Ethernet interface is going to connect to a 2950 switch with a couple different VLANs.
The problem I'm having is that I can ping anything external from the router itself. From the clients connected to the 2950, I can ping IPs in other VLANs, and I can ping up to the IP of the external interface, but no pings go beyond that. I've set up NAT overload on the router, and when I do a debug ip nat, I see the pings trying to get through with the proper translations, but I still don't receive ICMP replies back. I set up GNS3 to simulate what I'm trying to accomplish (since it emulates a 2691). Attached is a jpg of the topology -- on the right is the "simulated ISP" with 3 loopback networks and one host on a different subnet. The 2691 has a static route to the "Internet" router, and can ping everything attached to the router, including the host. The host (5.5.5.5) can also ping the outside interface of the 2691 (50.50.50.2).
However, the hosts behind the 2691 can't ping past 50.50.50.2. The 192.168.0.x network can be ignored, because that network won't need to access the Internet. But the 10.10.20.x (VLAN 20) and 10.10.30.x (VLAN 30) networks will need to. In the simulation, the hosts are 10.10.20.5 and 30.5. They can ping each other, their default gateways, and the 2691 outside interface (50.50.50.2) but not the other side, the "Internet" router at 50.50.50.1 or beyond.
[code]....